Archive for May, 2010

How to setup a VPN server on a CentOS VPS instantly

Uncategorized | Posted by admin
May 20 2010

We have made a small and dirty bash script which installs and configures OpenVPN on CentOS 5 32bit. The VPN server’s primary (and only) use is for safe browsing i.e. tunneling all your traffic through your VPS. The script also generates your client configuration file along with the necessary keys for authentication.

Requirements

1. CentOS 5 32bit minimal OS template

2. TUN/TAP device enabled on your VPS

3. iptables NAT support

You will have to open a ticket to request a TUN/TAP device to be enabled on your VPS. If you’re not a customer of ours and your host’s support staff doesn’t know how to do this, you may tell them to execute the following commands on the hardware node where your VPS is hosted.

vzctl stop YOUR_VEID
vzctl set YOUR_VEID --devices c:10:200:rw --save
vzctl set YOUR_VEID --capability net_admin:on --save
vzctl start YOUR_VEID
vzctl exec YOUR_VEID "mkdir -p /dev/net; mknod /dev/net/tun c 10 200; chmod 600 /dev/net/tun"
# iptables support
vzctl stop YOUR_VEID
vzctl set YOUR_VEID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
vzctl start YOUR_VEID

Make sure they replace 'YOUR_VEID' with your VPS's VEID and you will be ready to roll.

Log in to your VPS as root and execute the following commands:

wget http://vpsnoc.com/scripts/install-openvpn.sh
chmod +x install-openvpn.sh
./install-openvpn.sh

You will be prompted to enter values for your server and client certificates; feel free to accept the default values by hitting Enter. It's not recommended to set a password on your server certificate, as you will have to type in the password each time you wish to start/restart the openvpn daemon.
You can, however, set a password for your client's certificate, since it offers an extra level of protection in case your certificate and key files are compromised. You will be prompted for that password each time you connect to your VPS's VPN.

After the script has finished installing openvpn (should be very quick), the client keys and the openvpn client configuration file will be archived in /root/keys.tgz.
You may use an sftp/scp client such as winscp or filezilla to download the archive to your computer.
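
As an added example (not part of the original script), here is a check that a client bundle such as /root/keys.tgz holds only client-side material before it is copied off the server, and that the client key carries a passphrase. The function names and the sample archives are assumptions made for this example; the sample files are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not part of the original install script.

# Print archive members that are server-side secrets. A client needs ca.crt,
# its own certificate and key, and the .ovpn profile; the CA key and the
# server key never have to leave the server.
bundle_secrets() {
    tar tzf "$1" | sed 's|^\./||' | grep -E '(^|/)(ca|server)\.key$' || true
}

# Succeed if a private key inside the archive is passphrase-protected.
# Traditional PEM carries "Proc-Type: 4,ENCRYPTED", PKCS#8 carries
# "BEGIN ENCRYPTED PRIVATE KEY"; both contain the word ENCRYPTED.
key_is_encrypted() {  # key_is_encrypted ARCHIVE MEMBER
    tar xzOf "$1" "$2" 2>/dev/null | grep -q 'ENCRYPTED'
}

# Full audit: returns 1 if a server-side secret is present, 0 otherwise.
audit_bundle() {
    secrets=$(bundle_secrets "$1")
    if [ -n "$secrets" ]; then
        echo "FAIL: server-side private key(s) in $1:"
        echo "$secrets"
        return 1
    fi
    for k in $(tar tzf "$1" | grep '\.key$' || true); do
        key_is_encrypted "$1" "$k" || echo "WARN: $k has no passphrase"
    done
    echo "OK: $1 holds client material only"
}

# Constructed sample bundles: placeholder contents, not real keys.
make_samples() {
    d=$(mktemp -d) && cd "$d" || return 1
    for f in ca.crt ca.key client1.crt client1.csr vps.ovpn; do echo x > "$f"; done
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > client1.key
    tar czf leaky.tgz ca.crt ca.key client1.crt client1.csr client1.key vps.ovpn
    tar czf clean.tgz ca.crt client1.crt client1.key vps.ovpn
    echo "$d"
}

dir=$(make_samples)
audit_bundle "$dir/leaky.tgz" || true
audit_bundle "$dir/clean.tgz"
```

On a real server, run `audit_bundle /root/keys.tgz` before downloading the archive.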

If you haven't already installed OpenVPN for Windows, you may do so now.
You may use winrar or 7zip to extract the content of keys.tgz into C:\Program Files\OpenVPN\config\VPN (create a folder named VPN there).
After you have extracted the files from keys.tgz into the above folder, you may start openvpn-gui from the start menu, right click the tray icon, go to VPN and click connect. After the icon turns green, all your traffic will be forwarded through your VPS; no extra configuration of your browser/IM client/email client is required.

If you're facing issues, make sure that your computer's clock is synchronized; if it is, make sure that your VPS's clock is correct as well. If it's not, you will have to ask your host to sync it.

For any other issues and feedback please e-mail us at support@vpsnoc.com

You may use and modify this script however you see fit, provided that you do not edit the original copyright.

#!/bin/bash
# Quick and dirty OpenVPN install script
# Tested on Centos 5.x 32bit, openvz minimal CentOS OS templates
# Please submit feedback and questions at support@vpsnoc.com

# John Malkowski vpsnoc.com 01/04/2010

ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rm -rf rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum -y install openvpn openssl openssl-devel
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ../vars
./clean-all
source ./vars

echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/

client="
client
remote $ip 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.8.0.1
verb 3"

echo "$client" > "$HOSTNAME.ovpn"

# ca.key (the CA's private key) stays on the server; a client only needs ca.crt
tar czf keys.tgz ca.crt client1.crt client1.csr client1.key "$HOSTNAME.ovpn"
mv keys.tgz /root

opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon'

echo "$opvpn" > /etc/openvpn/openvpn.conf

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables # dirty vz fix for iptables-save
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

/etc/init.d/openvpn start
clear

echo "OpenVPN has been installed
Download /root/keys.tgz using winscp or other sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect"

How to install OpenVPN on a Debian/Ubuntu VPS instantly

Uncategorized, VPS | Posted by admin
May 11 2010

This is a follow-up post to "How to setup a VPN server on a CentOS VPS instantly"; the same requirements and instructions apply.

Minor distribution specific changes were made on the previous CentOS script to get it working under Debian and Ubuntu. We might create one single script which will install OpenVPN on most distributions and architectures in future.

To install issue the following commands logged in as root on your VPS (Refer to this post if you are facing any issues)

wget http://vpsnoc.com/scripts/debian-openvpn.sh

chmod +x debian-openvpn.sh

./debian-openvpn.sh

For any other issues and feedback please e-mail us at support@vpsnoc.com

You may use and modify this script however you see fit, provided that you do not edit the original copyright.

#!/bin/bash
# Quick and dirty OpenVPN install script
# Tested on debian 5.0 32bit, openvz minimal debian OS template
# and Ubuntu 9.04 32 bit minimal, should work on 64bit images as well
# Please submit feedback and questions at support@vpsnoc.com

# John Malkowski vpsnoc.com 01/18/2010

ip=`grep address /etc/network/interfaces | grep -v 127.0.0.1 | awk '{print $2}'`
apt-get update
apt-get install openvpn libssl-dev openssl
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ./vars
./clean-all
source ./vars

echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/

client="
client
remote $ip 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.8.0.1
verb 3"

echo "$client" > "$HOSTNAME.ovpn"

# ca.key (the CA's private key) stays on the server; a client only needs ca.crt
tar czf keys.tgz ca.crt client1.crt client1.csr client1.key "$HOSTNAME.ovpn"
mv keys.tgz /root

opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group daemon
daemon'

echo "$opvpn" > /etc/openvpn/openvpn.conf

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
iptables-save > /etc/iptables.conf
echo '#!/bin/sh' > /etc/network/if-up.d/iptables
echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

/etc/init.d/openvpn start
clear

echo "OpenVPN has been installed
Download /root/keys.tgz using winscp or other sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect
For support/bug reports email us at support@vpsnoc.com"

cPanel Proxy: Server Wide Installation

Web server | Posted by admin
May 05 2010

cPanel Proxy is a small PHP script which allows users to access cPanel, WHM and Web Mail on port 80 by acting like a proxy. It's very helpful for people who are behind a firewall.

This tutorial guides you on how to make a server-wide installation of cPanel Proxy so that all accounts created on your server get access to cPanel Proxy (can access cPanel on port 80).

Installing
Connect to your server via SSH and log in to your normal user account (for cPanel, this account needs to be a member of the wheel group), then 'su -' to root. At the prompt, type the following commands:
cd /usr/local/src
wget http://cpanelproxy.net/cPanelProxy.zip
mkdir cpanelproxy
cd cpanelproxy
unzip ../cPanelProxy.zip
cd ..
chown nobody.nobody cpanelproxy -R
chmod 755 cpanelproxy -R
mv cpanelproxy /usr/local/share

You have just downloaded the script and installed it, with the correct file ownership and permissions, into the /usr/local/share folder. The next step is to make a few changes to the Apache (web server) configuration file. Continue at the command prompt by typing the following:
pico /usr/local/apache/conf/httpd.conf

You will now be in the ‘UW PICO’ file editor. Scroll right down to the bottom of the file, and add the following lines:

<VirtualHost x.x.x.x>
ServerName cpanel.*
ServerAlias cpanel.* whm.* webmail.*
DocumentRoot /usr/local/share/cpanelproxy
</VirtualHost>

Replace x.x.x.x with all the IP addresses that are configured on your server, each separated by a space – optionally, only enter the IP addresses that you want to make the cPanel Proxy script available on. Once done, press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt.
To enable the changes, we just need to restart Apache with the following command:
service httpd restart

Enabling Existing Accounts
Before you will be able to access the proxy script, we need to make some changes to DNS. For existing domains, some manual steps are required, as a few CNAME records need to be added to each domain's zone file. This can be done either through WHM, or via the command line.
If you want to do this via WHM, once logged in to WHM, click ‘Edit a DNS Zone’ from the ‘DNS Functions’ menu on the left, select the domain you wish to edit from the list, then click the ‘Edit’ button. Scroll the page to the point where it says ‘Add New Entries Below this Line’, and add the following two entries into the relevant boxes on the screen:
cpanel 14400 IN CNAME yourdomain.com.
webmail 14400 IN CNAME yourdomain.com.

Make sure you substitute in the real name of the domain you are editing, and make sure that it ends with a dot as above. If you also want to add in a link to WHM, you can also add the following entry:
whm 14400 IN CNAME yourdomain.com.

I personally prefer to only do this on reseller domains, and my main domain, as normal users have no need to access WHM. Once you're done, click the ‘Save’ button to complete your changes.
If you want to do these changes via the command line, from your SSH session, type the following command to edit the zone file directly:
pico /var/named/yourdomain.com.db

Make sure you substitute in the real name of your domain into the command above. You will now be back in the ‘UW PICO’ file editor. Scroll to the end of the file, and add the following lines:
cpanel 14400 IN CNAME yourdomain.com.
webmail 14400 IN CNAME yourdomain.com.

Again, make sure you substitute in the real name of your domain, making sure that it ends with a dot as above. As mentioned previously, if you also want to add in a link to WHM, you can also add the following entry:
whm 14400 IN CNAME yourdomain.com.

Once done, press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt. The final step is to force your DNS server to re-read its configuration files, so that your changes take effect. At the command line, type:
killall -HUP named

You should now be able to open your web browser to http://cpanel.yourdomain.com/ and be correctly prompted for your username and password.
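
As an added example (not part of the original tutorial), the command-line steps above can be scripted so the records are appended only once and always with the trailing dot, together with a lint for CNAME targets that are missing it. The function names, the example.test domain and the sample zone are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# Print every CNAME whose target contains a dot but lacks the trailing dot;
# BIND treats such a target as relative and appends the zone origin to it.
relative_cnames() {
    awk '
        /^[ \t]*;/ { next }                      # skip comment lines
        {
            for (i = 1; i < NF; i++)
                if (toupper($i) == "CNAME") {
                    t = $(i + 1)
                    if (t ~ /\./ && t !~ /\.$/)
                        printf "line %d: %s -> %s\n", NR, $1, t
                }
        }' "$1"
}

# Append the cpanel/webmail CNAMEs for DOMAIN to ZONEFILE, skipping labels
# that already have a record. The target is always written with its dot.
add_proxy_cnames() {  # add_proxy_cnames ZONEFILE DOMAIN
    zone=$1
    target="${2%.}."          # accept "example.test" or "example.test."
    for label in cpanel webmail; do
        if grep -Eq "^$label[[:space:]]" "$zone"; then
            echo "skip: $label already present"
        else
            printf '%s 14400 IN CNAME %s\n' "$label" "$target" >> "$zone"
            echo "added: $label"
        fi
    done
}

# Constructed sample zone with one faulty record (webmail, no trailing dot).
make_sample_zone() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
; constructed sample zone for example.test
$TTL 14400
@       IN SOA ns1.example.test. admin.example.test. ( 2010050501 3600 900 604800 86400 )
@       IN NS  ns1.example.test.
@       IN A   192.0.2.10
webmail 14400 IN CNAME example.test
EOF
    echo "$f"
}

zone=$(make_sample_zone)
relative_cnames "$zone"
add_proxy_cnames "$zone" example.test
```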

Enabling New Accounts
The final part of this HOW-TO is to enable the proxy script for all new accounts automatically, which avoids having to make the manual changes above in the future. From your SSH session, type the following commands:
pico /var/cpanel/zonetemplates/standard

You will now be in the ‘UW PICO’ file editor. Scroll to the bottom of the file, and add the following lines:
cpanel IN CNAME %domain%.
webmail IN CNAME %domain%.

Press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt. Next, type the following, at the command prompt:
pico /var/cpanel/zonetemplates/standardvirtualftp

Again, you will now be back in the ‘UW PICO’ file editor. Scroll to the bottom of the file, and again add the following lines:
cpanel IN CNAME %domain%.
webmail IN CNAME %domain%.

Press [CTRL-O] then [RETURN] to save your changes, then press [CTRL-X] to exit the editor and return to the command prompt. You have now edited the default DNS zone template files, which are used to create the zone files for new domains – this means new accounts will automatically have the correct entries to access the cPanel Proxy script on their domain. I’ve not included the WHM entry, since I believe this should be manually added to reseller domains only, since normal users have no need to access WHM.

PS: This How-To was originally published by Unofficial-Support(.com) (http://unofficial-support.com/node/view/50). As the site doesn't exist any more, I have copied their tutorial from an old archive. All credits go to the original author (simon).
